Issues - tansaku/LocalSupport

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

RuboCop gem Insecure use of /tmp
Open

    rubocop (0.42.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-8418

Criticality: Low

URL: https://github.com/bbatsov/rubocop/issues/4336

Solution: upgrade to >= 0.49.0

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.14.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Injection/XSS in Redcarpet
Open

    redcarpet (3.3.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26298

Criticality: Medium

URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793

Solution: upgrade to >= 3.5.1

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

tansaku/LocalSupport

Showing 943 of 943 total issues

Loofah XSS Vulnerability
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

RuboCop gem Insecure use of /tmp
Open

httparty has multipart/form-data request tampering vulnerability
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Injection/XSS in Redcarpet
Open

Regular Expression Denial of Service in Addressable templates
Open

Prototype pollution attack through jQuery $.extend
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Severity

Category

Status

Source

Language

tansaku/LocalSupport

Showing 943 of 943 total issues

Loofah XSS Vulnerability Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

RuboCop gem Insecure use of /tmp Open

httparty has multipart/form-data request tampering vulnerability Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Injection/XSS in Redcarpet Open

Regular Expression Denial of Service in Addressable templates Open

Prototype pollution attack through jQuery $.extend Open

Loofah XSS Vulnerability Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Potential XSS vulnerability in jQuery Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Severity

Category

Status

Source

Language

Loofah XSS Vulnerability
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

RuboCop gem Insecure use of /tmp
Open

httparty has multipart/form-data request tampering vulnerability
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Injection/XSS in Redcarpet
Open

Regular Expression Denial of Service in Addressable templates
Open

Prototype pollution attack through jQuery $.extend
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open